1 |
commit: 7c8eedf78630843a63ef9789672916708aa9aba0 |
2 |
Author: Michael Haubenwallner <haubi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jul 4 10:01:04 2018 +0000 |
4 |
Commit: Michael Haubenwallner <haubi <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jul 4 10:01:04 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=7c8eedf7 |
7 |
|
8 |
net-nds/openldap: re-add for stacked windows prefix |
9 |
|
10 |
Package-Manager: Portage-2.3.24, Repoman-2.3.6 |
11 |
|
12 |
net-nds/openldap/Manifest | 2 + |
13 |
net-nds/openldap/files/DB_CONFIG.fast.example | 25 + |
14 |
.../files/openldap-2.2.14-perlthreadsfix.patch | 12 + |
15 |
.../openldap/files/openldap-2.4.11-libldap_r.patch | 11 + |
16 |
.../openldap/files/openldap-2.4.15-ppolicy.patch | 12 + |
17 |
net-nds/openldap/files/openldap-2.4.17-gcc44.patch | 11 + |
18 |
.../openldap/files/openldap-2.4.28-fix-dash.patch | 26 + |
19 |
.../files/openldap-2.4.28-gnutls-gcrypt.patch | 11 + |
20 |
net-nds/openldap/files/openldap-2.4.31-gcc47.patch | 16 + |
21 |
.../files/openldap-2.4.35-contrib-samba4.patch | 38 + |
22 |
.../files/openldap-2.4.35-contrib-smbk5pwd.patch | 48 ++ |
23 |
net-nds/openldap/files/openldap-2.4.40-slapd-conf | 64 ++ |
24 |
.../files/openldap-2.4.42-mdb-unbundle.patch | 136 ++++ |
25 |
...enldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch | 109 +++ |
26 |
.../openldap/files/openldap-2.4.45-libressl.patch | 65 ++ |
27 |
.../files/openldap-2.4.6-evolution-ntlm.patch | 192 +++++ |
28 |
net-nds/openldap/files/slapd-confd-2.4.28-r1 | 26 + |
29 |
net-nds/openldap/files/slapd-initd-2.4.40-r2 | 64 ++ |
30 |
net-nds/openldap/files/slapd.service | 12 + |
31 |
net-nds/openldap/files/slapd.service.conf | 12 + |
32 |
net-nds/openldap/files/slapd.tmpfilesd | 2 + |
33 |
net-nds/openldap/metadata.xml | 20 + |
34 |
net-nds/openldap/openldap-2.4.45.ebuild | 886 +++++++++++++++++++++ |
35 |
23 files changed, 1800 insertions(+) |
36 |
|
37 |
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest |
38 |
new file mode 100644 |
39 |
index 0000000000..d0a81c6ed5 |
40 |
--- /dev/null |
41 |
+++ b/net-nds/openldap/Manifest |
42 |
@@ -0,0 +1,2 @@ |
43 |
+DIST openldap-2.4.45.tgz 5672845 BLAKE2B e1f97553482a2e8630b62bc0f439af2484f1a2349a1a077382a124354424fe510ab55f32c073565b142d0c9318870fe31a2652268ebabd97d3afd8c833bc7aab SHA512 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab |
44 |
+DIST rfc2307bis.schema-20140524 12262 BLAKE2B 98031f49e9bde1e4821e637af3382364d8344ed7017649686a088070d96a632dffa6c661552352656b1b159c0fd962965580069a64c7f3d5bb6a3ed75f60fd99 SHA512 83b89a1deeefc8566b97e7e865b9b6d04541099cbdf719e24538a7d27d61b6209e87ab9003a9f140bd9afd018ec569e71721e3a24090e1902c8b6659d2ba103e |
45 |
|
46 |
diff --git a/net-nds/openldap/files/DB_CONFIG.fast.example b/net-nds/openldap/files/DB_CONFIG.fast.example |
47 |
new file mode 100644 |
48 |
index 0000000000..8b52062c9c |
49 |
--- /dev/null |
50 |
+++ b/net-nds/openldap/files/DB_CONFIG.fast.example |
51 |
@@ -0,0 +1,25 @@ |
52 |
+# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1 2004/06/18 02:49:08 kurt Exp $ |
53 |
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. |
54 |
+# |
55 |
+# See Sleepycat Berkeley DB documentation |
56 |
+# <http://www.sleepycat.com/docs/ref/env/db_config.html> |
57 |
+# for detail description of DB_CONFIG syntax and semantics. |
58 |
+# |
59 |
+# Hints can also be found in the OpenLDAP Software FAQ |
60 |
+# <http://www.openldap.org/faq/index.cgi?file=2> |
61 |
+ |
62 |
+# one 0.25 GB cache |
63 |
+set_cachesize 0 16777216 0 |
64 |
+ |
65 |
+# Data Directory |
66 |
+#set_data_dir db |
67 |
+ |
68 |
+# Transaction Log settings |
69 |
+set_lg_regionmax 262144 |
70 |
+set_lg_bsize 524288 |
71 |
+#set_lg_dir logs |
72 |
+ |
73 |
+# When using (and only when using) slapadd(8) or slapindex(8), |
74 |
+# the following flags may be useful: |
75 |
+#set_flags DB_TXN_NOSYNC |
76 |
+#set_flags DB_TXN_NOT_DURABLE |
77 |
|
78 |
diff --git a/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch |
79 |
new file mode 100644 |
80 |
index 0000000000..ddb6672a5f |
81 |
--- /dev/null |
82 |
+++ b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch |
83 |
@@ -0,0 +1,12 @@ |
84 |
+diff -ur openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in openldap-2.2.14/servers/slapd/back-perl/Makefile.in |
85 |
+--- openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in 2004-04-12 11:20:14.000000000 -0700 |
86 |
++++ openldap-2.2.14/servers/slapd/back-perl/Makefile.in 2004-06-20 18:43:41.000000000 -0700 |
87 |
+@@ -31,7 +31,7 @@ |
88 |
+ |
89 |
+ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) |
90 |
+ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) |
91 |
+-UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) |
92 |
++UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) `perl -MExtUtils::Embed -e ldopts` |
93 |
+ |
94 |
+ LIBBASE = back_perl |
95 |
+ |
96 |
|
97 |
diff --git a/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch |
98 |
new file mode 100644 |
99 |
index 0000000000..448249a3b5 |
100 |
--- /dev/null |
101 |
+++ b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch |
102 |
@@ -0,0 +1,11 @@ |
103 |
+diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in |
104 |
+--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800 |
105 |
++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700 |
106 |
+@@ -37,6 +37,7 @@ |
107 |
+ XLIBS = $(LIBRARY) |
108 |
+ XXLIBS = |
109 |
+ NT_LINK_LIBS = $(AC_LIBS) |
110 |
++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS) |
111 |
+ |
112 |
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir) |
113 |
+ XDEFS = $(MODULES_CPPFLAGS) |
114 |
|
115 |
diff --git a/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch |
116 |
new file mode 100644 |
117 |
index 0000000000..3195ee550f |
118 |
--- /dev/null |
119 |
+++ b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch |
120 |
@@ -0,0 +1,12 @@ |
121 |
+--- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800 |
122 |
++++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700 |
123 |
+@@ -1315,8 +1315,8 @@ |
124 |
+ int nsctrls = 0; |
125 |
+ |
126 |
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST |
127 |
++ LDAPControl c; |
128 |
+ if ( ppolicy ) { |
129 |
+- LDAPControl c; |
130 |
+ c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; |
131 |
+ c.ldctl_value.bv_val = NULL; |
132 |
+ c.ldctl_value.bv_len = 0; |
133 |
|
134 |
diff --git a/net-nds/openldap/files/openldap-2.4.17-gcc44.patch b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch |
135 |
new file mode 100644 |
136 |
index 0000000000..aa7fe7ac35 |
137 |
--- /dev/null |
138 |
+++ b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch |
139 |
@@ -0,0 +1,11 @@ |
140 |
+diff -ur openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp |
141 |
+--- openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp 2008-04-15 02:09:26.000000000 +0300 |
142 |
++++ openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp 2009-08-10 13:21:24.000000000 +0300 |
143 |
+@@ -13,6 +13,7 @@ |
144 |
+ #include <termios.h> |
145 |
+ #endif |
146 |
+ |
147 |
++#include <stdio.h> |
148 |
+ #include <string.h> |
149 |
+ #include "SaslInteractionHandler.h" |
150 |
+ #include "SaslInteraction.h" |
151 |
|
152 |
diff --git a/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch |
153 |
new file mode 100644 |
154 |
index 0000000000..d15c3d2231 |
155 |
--- /dev/null |
156 |
+++ b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch |
157 |
@@ -0,0 +1,26 @@ |
158 |
+Our libtool needs bash to work properly. |
159 |
+Patch unbreaks build when /bin/sh points to dash: |
160 |
+ |
161 |
+ Entering subdirectory liblber |
162 |
+ /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c assert.c |
163 |
+ ../../build/mkversion -v "2.4.28" liblber.la > version.c |
164 |
+ /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c decode.c |
165 |
+ eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found |
166 |
+ eval: 1: base_compile+= -O0: not found |
167 |
+ eval: 1: base_compile+= -D_GNU_SOURCE: not found |
168 |
+ eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found |
169 |
+ ... |
170 |
+ make[2]: *** [decode.lo] Error 1 |
171 |
+diff --git a/build/top.mk b/build/top.mk |
172 |
+index 6fea488..ea324e3 100644 |
173 |
+--- a/build/top.mk |
174 |
++++ b/build/top.mk |
175 |
+@@ -20,7 +20,7 @@ VERSION= @VERSION@ |
176 |
+ RELEASEDATE= @OPENLDAP_RELEASE_DATE@ |
177 |
+ |
178 |
+ @SET_MAKE@ |
179 |
+-SHELL = /bin/sh |
180 |
++SHELL = @SHELL@ |
181 |
+ |
182 |
+ top_builddir = @top_builddir@ |
183 |
+ |
184 |
|
185 |
diff --git a/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch |
186 |
new file mode 100644 |
187 |
index 0000000000..aeecb0f401 |
188 |
--- /dev/null |
189 |
+++ b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch |
190 |
@@ -0,0 +1,11 @@ |
191 |
+--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000 |
192 |
++++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000 |
193 |
+@@ -1214,7 +1214,7 @@ |
194 |
+ ol_with_tls=gnutls |
195 |
+ ol_link_tls=yes |
196 |
+ |
197 |
+- TLS_LIBS="-lgnutls" |
198 |
++ TLS_LIBS="-lgnutls -lgcrypt" |
199 |
+ |
200 |
+ AC_DEFINE(HAVE_GNUTLS, 1, |
201 |
+ [define if you have GNUtls]) |
202 |
|
203 |
diff --git a/net-nds/openldap/files/openldap-2.4.31-gcc47.patch b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch |
204 |
new file mode 100644 |
205 |
index 0000000000..5b6af4b295 |
206 |
--- /dev/null |
207 |
+++ b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch |
208 |
@@ -0,0 +1,16 @@ |
209 |
+Fix building with gcc-4.7 |
210 |
+ |
211 |
+https://bugs.gentoo.org/show_bug.cgi?id=420959 |
212 |
+http://www.openldap.org/its/index.cgi/Incoming?id=7304;page=16 #ITS 7304 |
213 |
+ |
214 |
+Patch written by Kacper Kowalik <xarthisius@g.o> |
215 |
+--- a/contrib/ldapc++/src/SaslInteractionHandler.cpp |
216 |
++++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp |
217 |
+@@ -16,6 +16,7 @@ |
218 |
+ |
219 |
+ #include <stdio.h> |
220 |
+ #include <string.h> |
221 |
++#include <unistd.h> |
222 |
+ #include "SaslInteractionHandler.h" |
223 |
+ #include "SaslInteraction.h" |
224 |
+ #include "debug.h" |
225 |
|
226 |
diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch |
227 |
new file mode 100644 |
228 |
index 0000000000..4312dc7c55 |
229 |
--- /dev/null |
230 |
+++ b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch |
231 |
@@ -0,0 +1,38 @@ |
232 |
+diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile openldap-2.4.35/contrib/slapd-modules/samba4/Makefile |
233 |
+--- openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile 2013-03-28 15:41:51.000000000 +0000 |
234 |
++++ openldap-2.4.35/contrib/slapd-modules/samba4/Makefile 2013-04-16 02:16:40.651868432 +0000 |
235 |
+@@ -20,7 +20,8 @@ |
236 |
+ |
237 |
+ LIBTOOL = $(LDAP_BUILD)/libtool |
238 |
+ CC = gcc |
239 |
+-OPT = -g -O2 -Wall |
240 |
++#OPT = -g -O2 -Wall |
241 |
++OPT = -Wall |
242 |
+ DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \ |
243 |
+ -DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \ |
244 |
+ -DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC |
245 |
+@@ -41,20 +42,20 @@ |
246 |
+ .SUFFIXES: .c .o .lo |
247 |
+ |
248 |
+ .c.lo: |
249 |
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< |
250 |
++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< |
251 |
+ |
252 |
+ all: $(PROGRAMS) |
253 |
+ |
254 |
+ pguid.la: pguid.lo |
255 |
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ |
256 |
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ |
257 |
+ -rpath $(moduledir) -module -o $@ $? $(LIBS) |
258 |
+ |
259 |
+ rdnval.la: rdnval.lo |
260 |
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ |
261 |
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ |
262 |
+ -rpath $(moduledir) -module -o $@ $? $(LIBS) |
263 |
+ |
264 |
+ vernum.la: vernum.lo |
265 |
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ |
266 |
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ |
267 |
+ -rpath $(moduledir) -module -o $@ $? $(LIBS) |
268 |
+ |
269 |
+ clean: |
270 |
|
271 |
diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch |
272 |
new file mode 100644 |
273 |
index 0000000000..4383802a0e |
274 |
--- /dev/null |
275 |
+++ b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch |
276 |
@@ -0,0 +1,48 @@ |
277 |
+diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile |
278 |
+--- openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile 2013-03-28 15:41:51.000000000 +0000 |
279 |
++++ openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile 2013-04-16 02:13:38.939913119 +0000 |
280 |
+@@ -21,16 +21,23 @@ |
281 |
+ SSL_INC = |
282 |
+ SSL_LIB = -lcrypto |
283 |
+ |
284 |
+-HEIMDAL_INC = -I/usr/heimdal/include |
285 |
+-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv |
286 |
++#HEIMDAL_INC = -I/usr/heimdal/include |
287 |
++#HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv |
288 |
++KRB5_INC = $(HEIMDAL_INC) |
289 |
++KRB5_LIB = $(HEIMDAL_LIB) -lkrb5 -lkadm5srv |
290 |
+ |
291 |
+ LIBTOOL = $(LDAP_BUILD)/libtool |
292 |
+ CC = gcc |
293 |
+-OPT = -g -O2 -Wall |
294 |
++#OPT = -g -O2 -Wall |
295 |
++OPT = -Wall |
296 |
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. |
297 |
+-DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW |
298 |
+-INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) |
299 |
+-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB) |
300 |
++#DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW |
301 |
++INCS = $(LDAP_INC) $(KRB5_INC) $(SSL_INC) |
302 |
++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS))) |
303 |
++ LIBS=$(LDAP_LIB) $(SSL_LIB) |
304 |
++else |
305 |
++ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB) |
306 |
++endif |
307 |
+ |
308 |
+ PROGRAMS = smbk5pwd.la |
309 |
+ LTVER = 0:0:0 |
310 |
+@@ -46,12 +53,12 @@ |
311 |
+ .SUFFIXES: .c .o .lo |
312 |
+ |
313 |
+ .c.lo: |
314 |
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< |
315 |
++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< |
316 |
+ |
317 |
+ all: $(PROGRAMS) |
318 |
+ |
319 |
+ smbk5pwd.la: smbk5pwd.lo |
320 |
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ |
321 |
++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ |
322 |
+ -rpath $(moduledir) -module -o $@ $? $(LIBS) |
323 |
+ |
324 |
+ clean: |
325 |
|
326 |
diff --git a/net-nds/openldap/files/openldap-2.4.40-slapd-conf b/net-nds/openldap/files/openldap-2.4.40-slapd-conf |
327 |
new file mode 100644 |
328 |
index 0000000000..8ecc732b96 |
329 |
--- /dev/null |
330 |
+++ b/net-nds/openldap/files/openldap-2.4.40-slapd-conf |
331 |
@@ -0,0 +1,64 @@ |
332 |
+# |
333 |
+# See slapd.conf(5) for details on configuration options. |
334 |
+# This file should NOT be world readable. |
335 |
+# |
336 |
+include /etc/openldap/schema/core.schema |
337 |
+ |
338 |
+# Define global ACLs to disable default read access. |
339 |
+ |
340 |
+# Do not enable referrals until AFTER you have a working directory |
341 |
+# service AND an understanding of referrals. |
342 |
+#referral ldap://root.openldap.org |
343 |
+ |
344 |
+pidfile /run/openldap/slapd.pid |
345 |
+argsfile /run/openldap/slapd.args |
346 |
+ |
347 |
+# Load dynamic backend modules: |
348 |
+###INSERTDYNAMICMODULESHERE### |
349 |
+ |
350 |
+# Sample security restrictions |
351 |
+# Require integrity protection (prevent hijacking) |
352 |
+# Require 112-bit (3DES or better) encryption for updates |
353 |
+# Require 63-bit encryption for simple bind |
354 |
+# security ssf=1 update_ssf=112 simple_bind=64 |
355 |
+ |
356 |
+# Sample access control policy: |
357 |
+# Root DSE: allow anyone to read it |
358 |
+# Subschema (sub)entry DSE: allow anyone to read it |
359 |
+# Other DSEs: |
360 |
+# Allow self write access |
361 |
+# Allow authenticated users read access |
362 |
+# Allow anonymous users to authenticate |
363 |
+# Directives needed to implement policy: |
364 |
+# access to dn.base="" by * read |
365 |
+# access to dn.base="cn=Subschema" by * read |
366 |
+# access to * |
367 |
+# by self write |
368 |
+# by users read |
369 |
+# by anonymous auth |
370 |
+# |
371 |
+# if no access controls are present, the default policy |
372 |
+# allows anyone and everyone to read anything but restricts |
373 |
+# updates to rootdn. (e.g., "access to * by * read") |
374 |
+# |
375 |
+# rootdn can always read and write EVERYTHING! |
376 |
+ |
377 |
+####################################################################### |
378 |
+# BDB database definitions |
379 |
+####################################################################### |
380 |
+ |
381 |
+database hdb |
382 |
+suffix "dc=my-domain,dc=com" |
383 |
+# <kbyte> <min> |
384 |
+checkpoint 32 30 |
385 |
+rootdn "cn=Manager,dc=my-domain,dc=com" |
386 |
+# Cleartext passwords, especially for the rootdn, should |
387 |
+# be avoid. See slappasswd(8) and slapd.conf(5) for details. |
388 |
+# Use of strong authentication encouraged. |
389 |
+rootpw secret |
390 |
+# The database directory MUST exist prior to running slapd AND |
391 |
+# should only be accessible by the slapd and slap tools. |
392 |
+# Mode 700 recommended. |
393 |
+directory /var/lib/openldap-data |
394 |
+# Indices to maintain |
395 |
+index objectClass eq |
396 |
|
397 |
diff --git a/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch |
398 |
new file mode 100644 |
399 |
index 0000000000..9265a01701 |
400 |
--- /dev/null |
401 |
+++ b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch |
402 |
@@ -0,0 +1,136 @@ |
403 |
+--- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200 |
404 |
++++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200 |
405 |
+@@ -160,6 +160,7 @@ |
406 |
+ LTHREAD_LIBS = @LTHREAD_LIBS@ |
407 |
+ |
408 |
+ BDB_LIBS = @BDB_LIBS@ |
409 |
++MDB_LIBS = @MDB_LIBS@ |
410 |
+ SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@ |
411 |
+ |
412 |
+ LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la |
413 |
+--- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200 |
414 |
++++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200 |
415 |
+@@ -563,6 +563,38 @@ |
416 |
+ ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])]) |
417 |
+ ]) |
418 |
+ |
419 |
++dnl -------------------------------------------------------------------- |
420 |
++dnl Check for version compatility with back-mdb |
421 |
++AC_DEFUN([OL_MDB_COMPAT], |
422 |
++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[ |
423 |
++ AC_EGREP_CPP(__mdb_version_compat,[ |
424 |
++#include <lmdb.h> |
425 |
++ |
426 |
++/* require 0.9.14 or later */ |
427 |
++#if MDB_VERSION_FULL >= 0x00000009000E |
428 |
++ __mdb_version_compat |
429 |
++#endif |
430 |
++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])]) |
431 |
++]) |
432 |
++ |
433 |
++dnl |
434 |
++dnl -------------------------------------------------------------------- |
435 |
++dnl Find any MDB |
436 |
++AC_DEFUN([OL_MDB], |
437 |
++[ol_cv_mdb=no |
438 |
++AC_CHECK_HEADERS(lmdb.h) |
439 |
++if test $ac_cv_header_lmdb_h = yes; then |
440 |
++ OL_MDB_COMPAT |
441 |
++ |
442 |
++ if test $ol_cv_mdb_compat != yes ; then |
443 |
++ AC_MSG_ERROR([LMDB version incompatible with MDB backends]) |
444 |
++ fi |
445 |
++ |
446 |
++ ol_cv_lib_mdb=-llmdb |
447 |
++ ol_cv_mdb=yes |
448 |
++fi |
449 |
++]) |
450 |
++ |
451 |
+ dnl |
452 |
+ dnl ==================================================================== |
453 |
+ dnl Check POSIX Thread version |
454 |
+--- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200 |
455 |
++++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200 |
456 |
+@@ -25,11 +25,10 @@ |
457 |
+ extended.lo operational.lo \ |
458 |
+ attr.lo index.lo key.lo filterindex.lo \ |
459 |
+ dn2entry.lo dn2id.lo id2entry.lo idl.lo \ |
460 |
+- nextid.lo monitor.lo mdb.lo midl.lo |
461 |
++ nextid.lo monitor.lo |
462 |
+ |
463 |
+ LDAP_INCDIR= ../../../include |
464 |
+ LDAP_LIBDIR= ../../../libraries |
465 |
+-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb |
466 |
+ |
467 |
+ BUILD_OPT = "--enable-mdb" |
468 |
+ BUILD_MOD = @BUILD_MDB@ |
469 |
+@@ -44,7 +43,7 @@ |
470 |
+ |
471 |
+ LIBBASE = back_mdb |
472 |
+ |
473 |
+-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR) |
474 |
++XINCPATH = -I.. -I$(srcdir)/.. |
475 |
+ XDEFS = $(MODULES_CPPFLAGS) |
476 |
+ |
477 |
+ all-local-lib: ../.backend |
478 |
+@@ -52,11 +51,5 @@ |
479 |
+ ../.backend: lib$(LIBBASE).a |
480 |
+ @touch $@ |
481 |
+ |
482 |
+-mdb.lo: $(MDB_SUBDIR)/mdb.c |
483 |
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c |
484 |
+- |
485 |
+-midl.lo: $(MDB_SUBDIR)/midl.c |
486 |
+- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c |
487 |
+- |
488 |
+ veryclean-local-lib: FORCE |
489 |
+ $(RM) $(XXHEADERS) $(XXSRCS) .links |
490 |
+--- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200 |
491 |
++++ ./configure.in 2014-10-24 10:51:34.372846374 +0200 |
492 |
+@@ -519,6 +519,7 @@ |
493 |
+ dnl Initialize vars |
494 |
+ LDAP_LIBS= |
495 |
+ BDB_LIBS= |
496 |
++MDB_LIBS= |
497 |
+ SLAPD_NDB_LIBS= |
498 |
+ SLAPD_NDB_INCS= |
499 |
+ LTHREAD_LIBS= |
500 |
+@@ -1905,6 +1906,30 @@ |
501 |
+ fi |
502 |
+ |
503 |
+ dnl ---------------------------------------------------------------- |
504 |
++ol_link_mdb=no |
505 |
++ |
506 |
++if test $ol_enable_mdb != no; then |
507 |
++ OL_MDB |
508 |
++ |
509 |
++ if test $ol_cv_mdb = no ; then |
510 |
++ AC_MSG_ERROR(MDB: LMDB not available) |
511 |
++ fi |
512 |
++ |
513 |
++ AC_DEFINE(HAVE_MDB,1, |
514 |
++ [define this if LMDB is available]) |
515 |
++ |
516 |
++ dnl $ol_cv_lib_mdb should be yes or -llmdb |
517 |
++ dnl (it could be no, but that would be an error |
518 |
++ if test $ol_cv_lib_mdb != yes ; then |
519 |
++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb" |
520 |
++ fi |
521 |
++ |
522 |
++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)" |
523 |
++ |
524 |
++ ol_link_mdb=yes |
525 |
++fi |
526 |
++ |
527 |
++dnl ---------------------------------------------------------------- |
528 |
+ |
529 |
+ if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then |
530 |
+ BUILD_LIBS_DYNAMIC=shared |
531 |
+@@ -3133,6 +3158,7 @@ |
532 |
+ AC_SUBST(LDAP_LIBS) |
533 |
+ AC_SUBST(SLAPD_LIBS) |
534 |
+ AC_SUBST(BDB_LIBS) |
535 |
++AC_SUBST(MDB_LIBS) |
536 |
+ AC_SUBST(SLAPD_NDB_LIBS) |
537 |
+ AC_SUBST(SLAPD_NDB_INCS) |
538 |
+ AC_SUBST(LTHREAD_LIBS) |
539 |
|
540 |
diff --git a/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch |
541 |
new file mode 100644 |
542 |
index 0000000000..29688fcb14 |
543 |
--- /dev/null |
544 |
+++ b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch |
545 |
@@ -0,0 +1,109 @@ |
546 |
+If GnuTLS is used, the lmpasswd module for USE=samba does not compile. |
547 |
+Forward-port an old Debian patch that upstream never applied. |
548 |
+ |
549 |
+Signed-off-by: Robin H. Johnson <robbat2@g.o> |
550 |
+Signed-off-by: Steffen Hau <steffen@×××××××.de> |
551 |
+X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633 |
552 |
+X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997 |
553 |
+X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341 |
554 |
+ |
555 |
+--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700 |
556 |
++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700 |
557 |
+@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8]; |
558 |
+ typedef PK11Context *des_context[1]; |
559 |
+ #define DES_ENCRYPT CKA_ENCRYPT |
560 |
+ |
561 |
++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) |
562 |
++# include <gcrypt.h> |
563 |
++static int gcrypt_init = 0; |
564 |
++ |
565 |
++typedef const void* des_key; |
566 |
++typedef unsigned char DES_cblock[8]; |
567 |
++typedef DES_cblock des_data_block; |
568 |
++typedef int DES_key_schedule; /* unused */ |
569 |
++typedef DES_key_schedule des_context; /* unused */ |
570 |
++#define des_failed(encrypted) 0 |
571 |
++#define des_finish(key, schedule) |
572 |
++ |
573 |
++#define DES_set_key_unchecked( key, key_sched ) \ |
574 |
++ gcry_cipher_setkey( hd, key, 8 ) |
575 |
++ |
576 |
++#define DES_ecb_encrypt( input, output, key_sched, enc ) \ |
577 |
++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 ) |
578 |
++ |
579 |
++#define DES_set_odd_parity( key ) do {} while(0) |
580 |
++ |
581 |
+ #endif |
582 |
+ |
583 |
+ #endif /* SLAPD_LMHASH */ |
584 |
+@@ -651,7 +671,7 @@ static int chk_md5( |
585 |
+ |
586 |
+ #ifdef SLAPD_LMHASH |
587 |
+ |
588 |
+-#if defined(HAVE_OPENSSL) |
589 |
++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H) |
590 |
+ |
591 |
+ /* |
592 |
+ * abstract away setting the parity. |
593 |
+@@ -841,6 +861,19 @@ static int chk_lanman( |
594 |
+ des_data_block StdText = "KGS!@#$%"; |
595 |
+ des_data_block PasswordHash1, PasswordHash2; |
596 |
+ char PasswordHash[33], storedPasswordHash[33]; |
597 |
++ |
598 |
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) |
599 |
++ gcry_cipher_hd_t hd; |
600 |
++ |
601 |
++ if ( !gcrypt_init ) { |
602 |
++ gcry_check_version( GCRYPT_VERSION ); |
603 |
++ gcrypt_init = 1; |
604 |
++ } |
605 |
++ |
606 |
++ schedule = schedule; /* unused - avoid warning */ |
607 |
++ |
608 |
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); |
609 |
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ |
610 |
+ |
611 |
+ for( i=0; i<cred->bv_len; i++) { |
612 |
+ if(cred->bv_val[i] == '\0') { |
613 |
+@@ -883,6 +916,10 @@ static int chk_lanman( |
614 |
+ strncpy( storedPasswordHash, passwd->bv_val, 32 ); |
615 |
+ storedPasswordHash[32] = '\0'; |
616 |
+ ldap_pvt_str2lower( storedPasswordHash ); |
617 |
++ |
618 |
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) |
619 |
++ gcry_cipher_close( hd ); |
620 |
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ |
621 |
+ |
622 |
+ return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; |
623 |
+ } |
624 |
+@@ -1138,6 +1175,19 @@ static int hash_lanman( |
625 |
+ des_data_block PasswordHash1, PasswordHash2; |
626 |
+ char PasswordHash[33]; |
627 |
+ |
628 |
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) |
629 |
++ gcry_cipher_hd_t hd; |
630 |
++ |
631 |
++ if ( !gcrypt_init ) { |
632 |
++ gcry_check_version( GCRYPT_VERSION ); |
633 |
++ gcrypt_init = 1; |
634 |
++ } |
635 |
++ |
636 |
++ schedule = schedule; /* unused - avoid warning */ |
637 |
++ |
638 |
++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); |
639 |
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ |
640 |
++ |
641 |
+ for( i=0; i<passwd->bv_len; i++) { |
642 |
+ if(passwd->bv_val[i] == '\0') { |
643 |
+ return LUTIL_PASSWD_ERR; /* NUL character in password */ |
644 |
+@@ -1168,6 +1218,10 @@ static int hash_lanman( |
645 |
+ |
646 |
+ hash->bv_val = PasswordHash; |
647 |
+ hash->bv_len = 32; |
648 |
++ |
649 |
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) |
650 |
++ gcry_cipher_close( hd ); |
651 |
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ |
652 |
+ |
653 |
+ return pw_string( scheme, hash ); |
654 |
+ } |
655 |
|
656 |
diff --git a/net-nds/openldap/files/openldap-2.4.45-libressl.patch b/net-nds/openldap/files/openldap-2.4.45-libressl.patch |
657 |
new file mode 100644 |
658 |
index 0000000000..20a65a4e0f |
659 |
--- /dev/null |
660 |
+++ b/net-nds/openldap/files/openldap-2.4.45-libressl.patch |
661 |
@@ -0,0 +1,65 @@ |
662 |
+--- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC |
663 |
++++ libraries/libldap/tls_o.c |
664 |
+@@ -47,7 +47,7 @@ |
665 |
+ #include <ssl.h> |
666 |
+ #endif |
667 |
+ |
668 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000 |
669 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) |
670 |
+ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) |
671 |
+ #endif |
672 |
+ |
673 |
+@@ -157,7 +157,7 @@ tlso_init( void ) |
674 |
+ (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); |
675 |
+ #endif |
676 |
+ |
677 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
678 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) |
679 |
+ SSL_load_error_strings(); |
680 |
+ SSL_library_init(); |
681 |
+ OpenSSL_add_all_digests(); |
682 |
+@@ -205,7 +205,7 @@ static void |
683 |
+ tlso_ctx_ref( tls_ctx *ctx ) |
684 |
+ { |
685 |
+ tlso_ctx *c = (tlso_ctx *)ctx; |
686 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
687 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) |
688 |
+ #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) |
689 |
+ #endif |
690 |
+ SSL_CTX_up_ref( c ); |
691 |
+@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * |
692 |
+ if (!x) return LDAP_INVALID_CREDENTIALS; |
693 |
+ |
694 |
+ xn = X509_get_subject_name(x); |
695 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
696 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) |
697 |
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL ); |
698 |
+ der_dn->bv_val = xn->bytes->data; |
699 |
+ #else |
700 |
+@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval |
701 |
+ return LDAP_INVALID_CREDENTIALS; |
702 |
+ |
703 |
+ xn = X509_get_subject_name(x); |
704 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
705 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) |
706 |
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL ); |
707 |
+ der_dn->bv_val = xn->bytes->data; |
708 |
+ #else |
709 |
+@@ -721,7 +721,7 @@ struct tls_data { |
710 |
+ Sockbuf_IO_Desc *sbiod; |
711 |
+ }; |
712 |
+ |
713 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
714 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) |
715 |
+ #define BIO_set_init(b, x) b->init = x |
716 |
+ #define BIO_set_data(b, x) b->ptr = x |
717 |
+ #define BIO_clear_flags(b, x) b->flags &= ~(x) |
718 |
+@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) |
719 |
+ return tlso_bio_write( b, str, strlen( str ) ); |
720 |
+ } |
721 |
+ |
722 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000 |
723 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) |
724 |
+ struct bio_method_st { |
725 |
+ int type; |
726 |
+ const char *name; |
727 |
|
728 |
diff --git a/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch |
729 |
new file mode 100644 |
730 |
index 0000000000..33ff29e0ae |
731 |
--- /dev/null |
732 |
+++ b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch |
733 |
@@ -0,0 +1,192 @@ |
734 |
+diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h |
735 |
+--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100 |
736 |
++++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100 |
737 |
+@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P(( |
738 |
+ LDAPControl **ctrls, |
739 |
+ LDAPDerefRes **drp )); |
740 |
+ |
741 |
++/* |
742 |
++ * hacks for NTLM |
743 |
++ */ |
744 |
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) |
745 |
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) |
746 |
++LDAP_F( int ) |
747 |
++ldap_ntlm_bind LDAP_P(( |
748 |
++ LDAP *ld, |
749 |
++ LDAP_CONST char *dn, |
750 |
++ ber_tag_t tag, |
751 |
++ struct berval *cred, |
752 |
++ LDAPControl **sctrls, |
753 |
++ LDAPControl **cctrls, |
754 |
++ int *msgidp )); |
755 |
++LDAP_F( int ) |
756 |
++ldap_parse_ntlm_bind_result LDAP_P(( |
757 |
++ LDAP *ld, |
758 |
++ LDAPMessage *res, |
759 |
++ struct berval *challenge)); |
760 |
++ |
761 |
++ |
762 |
+ LDAP_END_DECL |
763 |
+ #endif /* _LDAP_H */ |
764 |
+diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in |
765 |
+--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100 |
766 |
++++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100 |
767 |
+@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur |
768 |
+ SRCS = bind.c open.c result.c error.c compare.c search.c \ |
769 |
+ controls.c messages.c references.c extended.c cyrus.c \ |
770 |
+ modify.c add.c modrdn.c delete.c abandon.c \ |
771 |
+- sasl.c gssapi.c sbind.c unbind.c cancel.c \ |
772 |
++ sasl.c ntlm.c gssapi.c sbind.c unbind.c cancel.c \ |
773 |
+ filter.c free.c sort.c passwd.c whoami.c \ |
774 |
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \ |
775 |
+ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ |
776 |
+@@ -33,7 +33,7 @@ SRCS = bind.c open.c result.c error.c co |
777 |
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ |
778 |
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \ |
779 |
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \ |
780 |
+- sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \ |
781 |
++ sasl.lo ntlm.lo gssapi.lo sbind.lo unbind.lo cancel.lo \ |
782 |
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \ |
783 |
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ |
784 |
+ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ |
785 |
+diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c |
786 |
+--- /dev/null 2009-02-17 09:19:52.829004420 +0100 |
787 |
++++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100 |
788 |
+@@ -0,0 +1,137 @@ |
789 |
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ |
790 |
++/* |
791 |
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. |
792 |
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file |
793 |
++ */ |
794 |
++ |
795 |
++/* Mostly copied from sasl.c */ |
796 |
++ |
797 |
++#include "portable.h" |
798 |
++ |
799 |
++#include <stdlib.h> |
800 |
++#include <stdio.h> |
801 |
++ |
802 |
++#include <ac/socket.h> |
803 |
++#include <ac/string.h> |
804 |
++#include <ac/time.h> |
805 |
++#include <ac/errno.h> |
806 |
++ |
807 |
++#include "ldap-int.h" |
808 |
++ |
809 |
++int |
810 |
++ldap_ntlm_bind( |
811 |
++ LDAP *ld, |
812 |
++ LDAP_CONST char *dn, |
813 |
++ ber_tag_t tag, |
814 |
++ struct berval *cred, |
815 |
++ LDAPControl **sctrls, |
816 |
++ LDAPControl **cctrls, |
817 |
++ int *msgidp ) |
818 |
++{ |
819 |
++ BerElement *ber; |
820 |
++ int rc; |
821 |
++ ber_int_t id; |
822 |
++ |
823 |
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); |
824 |
++ |
825 |
++ assert( ld != NULL ); |
826 |
++ assert( LDAP_VALID( ld ) ); |
827 |
++ assert( msgidp != NULL ); |
828 |
++ |
829 |
++ if( msgidp == NULL ) { |
830 |
++ ld->ld_errno = LDAP_PARAM_ERROR; |
831 |
++ return ld->ld_errno; |
832 |
++ } |
833 |
++ |
834 |
++ /* create a message to send */ |
835 |
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { |
836 |
++ ld->ld_errno = LDAP_NO_MEMORY; |
837 |
++ return ld->ld_errno; |
838 |
++ } |
839 |
++ |
840 |
++ assert( LBER_VALID( ber ) ); |
841 |
++ |
842 |
++ LDAP_NEXT_MSGID( ld, id ); |
843 |
++ rc = ber_printf( ber, "{it{istON}" /*}*/, |
844 |
++ id, LDAP_REQ_BIND, |
845 |
++ ld->ld_version, dn, tag, |
846 |
++ cred ); |
847 |
++ |
848 |
++ /* Put Server Controls */ |
849 |
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { |
850 |
++ ber_free( ber, 1 ); |
851 |
++ return ld->ld_errno; |
852 |
++ } |
853 |
++ |
854 |
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { |
855 |
++ ld->ld_errno = LDAP_ENCODING_ERROR; |
856 |
++ ber_free( ber, 1 ); |
857 |
++ return ld->ld_errno; |
858 |
++ } |
859 |
++ |
860 |
++ /* send the message */ |
861 |
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); |
862 |
++ |
863 |
++ if(*msgidp < 0) |
864 |
++ return ld->ld_errno; |
865 |
++ |
866 |
++ return LDAP_SUCCESS; |
867 |
++} |
868 |
++ |
869 |
++int |
870 |
++ldap_parse_ntlm_bind_result( |
871 |
++ LDAP *ld, |
872 |
++ LDAPMessage *res, |
873 |
++ struct berval *challenge) |
874 |
++{ |
875 |
++ ber_int_t errcode; |
876 |
++ ber_tag_t tag; |
877 |
++ BerElement *ber; |
878 |
++ ber_len_t len; |
879 |
++ |
880 |
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); |
881 |
++ |
882 |
++ assert( ld != NULL ); |
883 |
++ assert( LDAP_VALID( ld ) ); |
884 |
++ assert( res != NULL ); |
885 |
++ |
886 |
++ if ( ld == NULL || res == NULL ) { |
887 |
++ return LDAP_PARAM_ERROR; |
888 |
++ } |
889 |
++ |
890 |
++ if( res->lm_msgtype != LDAP_RES_BIND ) { |
891 |
++ ld->ld_errno = LDAP_PARAM_ERROR; |
892 |
++ return ld->ld_errno; |
893 |
++ } |
894 |
++ |
895 |
++ if ( ld->ld_error ) { |
896 |
++ LDAP_FREE( ld->ld_error ); |
897 |
++ ld->ld_error = NULL; |
898 |
++ } |
899 |
++ if ( ld->ld_matched ) { |
900 |
++ LDAP_FREE( ld->ld_matched ); |
901 |
++ ld->ld_matched = NULL; |
902 |
++ } |
903 |
++ |
904 |
++ /* parse results */ |
905 |
++ |
906 |
++ ber = ber_dup( res->lm_ber ); |
907 |
++ |
908 |
++ if( ber == NULL ) { |
909 |
++ ld->ld_errno = LDAP_NO_MEMORY; |
910 |
++ return ld->ld_errno; |
911 |
++ } |
912 |
++ |
913 |
++ tag = ber_scanf( ber, "{ioa" /*}*/, |
914 |
++ &errcode, challenge, &ld->ld_error ); |
915 |
++ ber_free( ber, 0 ); |
916 |
++ |
917 |
++ if( tag == LBER_ERROR ) { |
918 |
++ ld->ld_errno = LDAP_DECODING_ERROR; |
919 |
++ return ld->ld_errno; |
920 |
++ } |
921 |
++ |
922 |
++ ld->ld_errno = errcode; |
923 |
++ |
924 |
++ return( ld->ld_errno ); |
925 |
++} |
926 |
|
927 |
diff --git a/net-nds/openldap/files/slapd-confd-2.4.28-r1 b/net-nds/openldap/files/slapd-confd-2.4.28-r1 |
928 |
new file mode 100644 |
929 |
index 0000000000..ef19899a37 |
930 |
--- /dev/null |
931 |
+++ b/net-nds/openldap/files/slapd-confd-2.4.28-r1 |
932 |
@@ -0,0 +1,26 @@ |
933 |
+# conf.d file for openldap |
934 |
+# |
935 |
+# To enable both the standard unciphered server and the ssl encrypted |
936 |
+# one uncomment this line or set any other server starting options |
937 |
+# you may desire. |
938 |
+ |
939 |
+# If you have multiple slapd instances per #376699, this will provide a default config |
940 |
+INSTANCE="openldap${SVCNAME#slapd}" |
941 |
+ |
942 |
+# If you use the classical configuration file: |
943 |
+OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf" |
944 |
+# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3 |
945 |
+#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d" |
946 |
+# (the OPTS_CONF variable is also passed to slaptest during startup) |
947 |
+ |
948 |
+OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" |
949 |
+# Optional connectionless LDAP: |
950 |
+#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'" |
951 |
+ |
952 |
+# If you change the above listen statement to bind on a specific IP for |
953 |
+# listening, you should ensure that interface is up here (change eth0 as |
954 |
+# needed). |
955 |
+#rc_need="net.eth0" |
956 |
+ |
957 |
+# Specify the kerberos keytab file |
958 |
+#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab |
959 |
|
960 |
diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r2 b/net-nds/openldap/files/slapd-initd-2.4.40-r2 |
961 |
new file mode 100644 |
962 |
index 0000000000..9c4e6818da |
963 |
--- /dev/null |
964 |
+++ b/net-nds/openldap/files/slapd-initd-2.4.40-r2 |
965 |
@@ -0,0 +1,64 @@ |
966 |
+#!/sbin/openrc-run |
967 |
+# Copyright 1999-2018 Gentoo Foundation |
968 |
+# Distributed under the terms of the GNU General Public License v2 |
969 |
+ |
970 |
+extra_commands="checkconfig" |
971 |
+ |
972 |
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}" |
973 |
+PIDDIR=/run/openldap |
974 |
+PIDFILE=$PIDDIR/$SVCNAME.pid |
975 |
+ |
976 |
+depend() { |
977 |
+ need net |
978 |
+ before dbus hald avahi-daemon |
979 |
+ provide ldap |
980 |
+} |
981 |
+ |
982 |
+start() { |
983 |
+ checkpath -q -d ${PIDDIR} -o ldap:ldap |
984 |
+ if ! checkconfig -Q ; then |
985 |
+ eerror "There is a problem with your slapd.conf!" |
986 |
+ return 1 |
987 |
+ fi |
988 |
+ ebegin "Starting ldap-server" |
989 |
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME |
990 |
+ eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}" |
991 |
+ eend $? |
992 |
+} |
993 |
+ |
994 |
+stop() { |
995 |
+ ebegin "Stopping ldap-server" |
996 |
+ start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE} |
997 |
+ eend $? |
998 |
+} |
999 |
+ |
1000 |
+checkconfig() { |
1001 |
+ # checks requested by bug #502948 |
1002 |
+ # Step 1: extract the last valid config file or config dir |
1003 |
+ set -- $OPTS |
1004 |
+ while [ -n "$*" ]; do |
1005 |
+ opt=$1 ; shift |
1006 |
+ if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then |
1007 |
+ CONF=$1 |
1008 |
+ shift |
1009 |
+ fi |
1010 |
+ done |
1011 |
+ set -- |
1012 |
+ # Fallback |
1013 |
+ CONF=${CONF-/etc/openldap/slapd.conf} |
1014 |
+ [ -d $CONF ] && CONF=${CONF}/* |
1015 |
+ DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \\$2}"' $CONF` |
1016 |
+ for d in $DBDIRS; do |
1017 |
+ if [ ! -d $d ]; then |
1018 |
+ eerror "Directory $d in config does not exist!" |
1019 |
+ return 1 |
1020 |
+ fi |
1021 |
+ /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq . |
1022 |
+ if [ $? -ne 0 ]; then |
1023 |
+ ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!" |
1024 |
+ fi |
1025 |
+ [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal" |
1026 |
+ done |
1027 |
+ # now test the config fully |
1028 |
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF} |
1029 |
+} |
1030 |
|
1031 |
diff --git a/net-nds/openldap/files/slapd.service b/net-nds/openldap/files/slapd.service |
1032 |
new file mode 100644 |
1033 |
index 0000000000..3427b87e93 |
1034 |
--- /dev/null |
1035 |
+++ b/net-nds/openldap/files/slapd.service |
1036 |
@@ -0,0 +1,12 @@ |
1037 |
+[Unit] |
1038 |
+Description=OpenLDAP Server Daemon |
1039 |
+After=network.target |
1040 |
+ |
1041 |
+[Service] |
1042 |
+Type=forking |
1043 |
+PIDFile=/run/openldap/slapd.pid |
1044 |
+ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS |
1045 |
+ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS |
1046 |
+ |
1047 |
+[Install] |
1048 |
+WantedBy=multi-user.target |
1049 |
|
1050 |
diff --git a/net-nds/openldap/files/slapd.service.conf b/net-nds/openldap/files/slapd.service.conf |
1051 |
new file mode 100644 |
1052 |
index 0000000000..812ea68ed4 |
1053 |
--- /dev/null |
1054 |
+++ b/net-nds/openldap/files/slapd.service.conf |
1055 |
@@ -0,0 +1,12 @@ |
1056 |
+[Service] |
1057 |
+# Use the classical configuration file: |
1058 |
+#Environment="SLAPD_OPTIONS=-f /etc/openldap/slapd.conf" |
1059 |
+# Use the slapd configuration directory: |
1060 |
+#Environment="SLAPD_OPTIONS=-F /etc/openldap/slapd.d" |
1061 |
+ |
1062 |
+Environment="SLAPD_URLS=ldaps:/// ldap:/// ldapi:///" |
1063 |
+# Other examples: |
1064 |
+#Environment="SLAPD_URLS=ldap://127.0.0.1/ ldap://10.0.0.1:1389/ cldap:///" |
1065 |
+ |
1066 |
+# Specify the kerberos keytab file |
1067 |
+#Environment=KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab |
1068 |
|
1069 |
diff --git a/net-nds/openldap/files/slapd.tmpfilesd b/net-nds/openldap/files/slapd.tmpfilesd |
1070 |
new file mode 100644 |
1071 |
index 0000000000..634cea1642 |
1072 |
--- /dev/null |
1073 |
+++ b/net-nds/openldap/files/slapd.tmpfilesd |
1074 |
@@ -0,0 +1,2 @@ |
1075 |
+# openldap runtime directory for slapd.arg and slapd.pid |
1076 |
+d /run/openldap 0755 ldap ldap - |
1077 |
|
1078 |
diff --git a/net-nds/openldap/metadata.xml b/net-nds/openldap/metadata.xml |
1079 |
new file mode 100644 |
1080 |
index 0000000000..6cea2f2e32 |
1081 |
--- /dev/null |
1082 |
+++ b/net-nds/openldap/metadata.xml |
1083 |
@@ -0,0 +1,20 @@ |
1084 |
+<?xml version="1.0" encoding="UTF-8"?> |
1085 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
1086 |
+<pkgmetadata> |
1087 |
+ <maintainer type="project"> |
1088 |
+ <email>ldap-bugs@g.o</email> |
1089 |
+ </maintainer> |
1090 |
+ <use> |
1091 |
+ <flag name="experimental">Enable experimental backend options</flag> |
1092 |
+ <flag name="kinit">Enable support for kerberos init</flag> |
1093 |
+ <flag name="odbc">Enable ODBC and SQL backend options</flag> |
1094 |
+ <flag name="overlays">Enable contributed OpenLDAP overlays</flag> |
1095 |
+ <flag name="smbkrb5passwd">Enable overlay for syncing ldap, unix and lanman passwords</flag> |
1096 |
+ <flag name="minimal">Build libraries & userspace tools only. Does not install any server code</flag> |
1097 |
+ <flag name="pbkdf2">Enable support for pbkdf2 passwords</flag> |
1098 |
+ <flag name="sha2">Enable support for pw-sha2 password hashes</flag> |
1099 |
+ </use> |
1100 |
+ <upstream> |
1101 |
+ <remote-id type="cpe">cpe:/a:openldap:openldap</remote-id> |
1102 |
+ </upstream> |
1103 |
+</pkgmetadata> |
1104 |
|
1105 |
diff --git a/net-nds/openldap/openldap-2.4.45.ebuild b/net-nds/openldap/openldap-2.4.45.ebuild |
1106 |
new file mode 100644 |
1107 |
index 0000000000..e6bf0b44ed |
1108 |
--- /dev/null |
1109 |
+++ b/net-nds/openldap/openldap-2.4.45.ebuild |
1110 |
@@ -0,0 +1,886 @@ |
1111 |
+# Copyright 1999-2018 Gentoo Foundation |
1112 |
+# Distributed under the terms of the GNU General Public License v2 |
1113 |
+ |
1114 |
+EAPI="5" |
1115 |
+ |
1116 |
+inherit db-use eutils flag-o-matic multilib multilib-minimal ssl-cert versionator toolchain-funcs autotools user systemd |
1117 |
+ |
1118 |
+BIS_PN=rfc2307bis.schema |
1119 |
+BIS_PV=20140524 |
1120 |
+BIS_P="${BIS_PN}-${BIS_PV}" |
1121 |
+ |
1122 |
+DESCRIPTION="LDAP suite of application and development tools" |
1123 |
+HOMEPAGE="http://www.OpenLDAP.org/" |
1124 |
+ |
1125 |
+# mirrors are mostly not working, using canonical URI |
1126 |
+SRC_URI="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz |
1127 |
+ mirror://gentoo/${BIS_P}" |
1128 |
+ |
1129 |
+LICENSE="OPENLDAP GPL-2" |
1130 |
+SLOT="0" |
1131 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris ~x86-winnt" |
1132 |
+ |
1133 |
+IUSE_DAEMON="crypt samba slp tcpd experimental minimal" |
1134 |
+IUSE_BACKEND="+berkdb" |
1135 |
+IUSE_OVERLAY="overlays perl" |
1136 |
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 libressl +syslog selinux static-libs" |
1137 |
+IUSE_CONTRIB="smbkrb5passwd kerberos kinit pbkdf2 sha2" |
1138 |
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx" |
1139 |
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}" |
1140 |
+ |
1141 |
+REQUIRED_USE="cxx? ( sasl ) |
1142 |
+ ?? ( gnutls libressl ) |
1143 |
+ pbkdf2? ( ssl )" |
1144 |
+ |
1145 |
+# always list newer first |
1146 |
+# Do not add any AGPL-3 BDB here! |
1147 |
+# See bug 525110, comment 15. |
1148 |
+# Advanced usage: OPENLDAP_BDB_SLOTS in the environment can be used to force a slot during build. |
1149 |
+BDB_SLOTS="${OPENLDAP_BDB_SLOTS:=5.3 5.1 4.8 4.7 4.6 4.5 4.4}" |
1150 |
+BDB_PKGS='' |
1151 |
+for _slot in $BDB_SLOTS; do BDB_PKGS="${BDB_PKGS} sys-libs/db:${_slot}" ; done |
1152 |
+ |
1153 |
+# openssl is needed to generate lanman-passwords required by samba |
1154 |
+CDEPEND=" |
1155 |
+ ssl? ( |
1156 |
+ !gnutls? ( |
1157 |
+ !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] ) |
1158 |
+ ) |
1159 |
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6[${MULTILIB_USEDEP}] |
1160 |
+ libressl? ( dev-libs/libressl[${MULTILIB_USEDEP}] ) |
1161 |
+ >=dev-libs/libgcrypt-1.5.3:0[${MULTILIB_USEDEP}] ) ) |
1162 |
+ sasl? ( dev-libs/cyrus-sasl:= ) |
1163 |
+ !minimal? ( |
1164 |
+ sys-devel/libtool |
1165 |
+ sys-libs/e2fsprogs-libs |
1166 |
+ >=dev-db/lmdb-0.9.18:= |
1167 |
+ tcpd? ( sys-apps/tcp-wrappers ) |
1168 |
+ odbc? ( !iodbc? ( dev-db/unixODBC ) |
1169 |
+ iodbc? ( dev-db/libiodbc ) ) |
1170 |
+ slp? ( net-libs/openslp ) |
1171 |
+ perl? ( dev-lang/perl:=[-build(-)] ) |
1172 |
+ samba? ( |
1173 |
+ !libressl? ( dev-libs/openssl:0= ) |
1174 |
+ libressl? ( dev-libs/libressl ) |
1175 |
+ ) |
1176 |
+ berkdb? ( |
1177 |
+ <sys-libs/db-6.0:= |
1178 |
+ || ( ${BDB_PKGS} ) |
1179 |
+ ) |
1180 |
+ smbkrb5passwd? ( |
1181 |
+ !libressl? ( dev-libs/openssl:0= ) |
1182 |
+ libressl? ( dev-libs/libressl ) |
1183 |
+ kerberos? ( app-crypt/heimdal ) |
1184 |
+ ) |
1185 |
+ kerberos? ( |
1186 |
+ virtual/krb5 |
1187 |
+ kinit? ( !app-crypt/heimdal ) |
1188 |
+ ) |
1189 |
+ cxx? ( dev-libs/cyrus-sasl:= ) |
1190 |
+ )" |
1191 |
+DEPEND="${CDEPEND} |
1192 |
+ sys-apps/groff" |
1193 |
+RDEPEND="${CDEPEND} |
1194 |
+ selinux? ( sec-policy/selinux-ldap ) |
1195 |
+" |
1196 |
+# for tracking versions |
1197 |
+OPENLDAP_VERSIONTAG=".version-tag" |
1198 |
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data" |
1199 |
+ |
1200 |
+MULTILIB_WRAPPED_HEADERS=( |
1201 |
+ # USE=cxx |
1202 |
+ /usr/include/LDAPAsynConnection.h |
1203 |
+ /usr/include/LDAPAttrType.h |
1204 |
+ /usr/include/LDAPAttribute.h |
1205 |
+ /usr/include/LDAPAttributeList.h |
1206 |
+ /usr/include/LDAPConnection.h |
1207 |
+ /usr/include/LDAPConstraints.h |
1208 |
+ /usr/include/LDAPControl.h |
1209 |
+ /usr/include/LDAPControlSet.h |
1210 |
+ /usr/include/LDAPEntry.h |
1211 |
+ /usr/include/LDAPEntryList.h |
1212 |
+ /usr/include/LDAPException.h |
1213 |
+ /usr/include/LDAPExtResult.h |
1214 |
+ /usr/include/LDAPMessage.h |
1215 |
+ /usr/include/LDAPMessageQueue.h |
1216 |
+ /usr/include/LDAPModList.h |
1217 |
+ /usr/include/LDAPModification.h |
1218 |
+ /usr/include/LDAPObjClass.h |
1219 |
+ /usr/include/LDAPRebind.h |
1220 |
+ /usr/include/LDAPRebindAuth.h |
1221 |
+ /usr/include/LDAPReferenceList.h |
1222 |
+ /usr/include/LDAPResult.h |
1223 |
+ /usr/include/LDAPSaslBindResult.h |
1224 |
+ /usr/include/LDAPSchema.h |
1225 |
+ /usr/include/LDAPSearchReference.h |
1226 |
+ /usr/include/LDAPSearchResult.h |
1227 |
+ /usr/include/LDAPSearchResults.h |
1228 |
+ /usr/include/LDAPUrl.h |
1229 |
+ /usr/include/LDAPUrlList.h |
1230 |
+ /usr/include/LdifReader.h |
1231 |
+ /usr/include/LdifWriter.h |
1232 |
+ /usr/include/SaslInteraction.h |
1233 |
+ /usr/include/SaslInteractionHandler.h |
1234 |
+ /usr/include/StringList.h |
1235 |
+ /usr/include/TlsOptions.h |
1236 |
+) |
1237 |
+ |
1238 |
+openldap_filecount() { |
1239 |
+ local dir="$1" |
1240 |
+ find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG*' | wc -l |
1241 |
+} |
1242 |
+ |
1243 |
+openldap_find_versiontags() { |
1244 |
+ # scan for all datadirs |
1245 |
+ openldap_datadirs="" |
1246 |
+ if [ -f "${EROOT}"/etc/openldap/slapd.conf ]; then |
1247 |
+ openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${EROOT}/etc/openldap/slapd.conf)" |
1248 |
+ fi |
1249 |
+ openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}" |
1250 |
+ |
1251 |
+ einfo |
1252 |
+ einfo "Scanning datadir(s) from slapd.conf and" |
1253 |
+ einfo "the default installdir for Versiontags" |
1254 |
+ einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)" |
1255 |
+ einfo |
1256 |
+ |
1257 |
+ # scan datadirs if we have a version tag |
1258 |
+ openldap_found_tag=0 |
1259 |
+ have_files=0 |
1260 |
+ for each in ${openldap_datadirs}; do |
1261 |
+ CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"` |
1262 |
+ CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG} |
1263 |
+ if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then |
1264 |
+ einfo "- Checking ${each}..." |
1265 |
+ if [ -r ${CURRENT_TAG} ] ; then |
1266 |
+ # yey, we have one :) |
1267 |
+ einfo " Found Versiontag in ${each}" |
1268 |
+ source ${CURRENT_TAG} |
1269 |
+ if [ "${OLDPF}" == "" ] ; then |
1270 |
+ eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}" |
1271 |
+ eerror "Please delete it" |
1272 |
+ eerror |
1273 |
+ die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}" |
1274 |
+ fi |
1275 |
+ |
1276 |
+ OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}` |
1277 |
+ |
1278 |
+ [ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1 |
1279 |
+ |
1280 |
+ # are we on the same branch? |
1281 |
+ if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then |
1282 |
+ ewarn " Versiontag doesn't match current major release!" |
1283 |
+ if [[ "${have_files}" == "1" ]] ; then |
1284 |
+ eerror " Versiontag says other major and you (probably) have datafiles!" |
1285 |
+ echo |
1286 |
+ openldap_upgrade_howto |
1287 |
+ else |
1288 |
+ einfo " No real problem, seems there's no database." |
1289 |
+ fi |
1290 |
+ else |
1291 |
+ einfo " Versiontag is fine here :)" |
1292 |
+ fi |
1293 |
+ else |
1294 |
+ einfo " Non-tagged dir ${each}" |
1295 |
+ [ $(openldap_filecount ${each}) -gt 0 ] && have_files=1 |
1296 |
+ if [[ "${have_files}" == "1" ]] ; then |
1297 |
+ einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files" |
1298 |
+ echo |
1299 |
+ |
1300 |
+ eerror |
1301 |
+ eerror "Your OpenLDAP Installation has a non tagged datadir that" |
1302 |
+ eerror "possibly contains a database at ${CURRENT_TAGDIR}" |
1303 |
+ eerror |
1304 |
+ eerror "Please export data if any entered and empty or remove" |
1305 |
+ eerror "the directory, installation has been stopped so you" |
1306 |
+ eerror "can take required action" |
1307 |
+ eerror |
1308 |
+ eerror "For a HOWTO on exporting the data, see instructions in the ebuild" |
1309 |
+ eerror |
1310 |
+ openldap_upgrade_howto |
1311 |
+ die "Please move the datadir ${CURRENT_TAGDIR} away" |
1312 |
+ fi |
1313 |
+ fi |
1314 |
+ einfo |
1315 |
+ fi |
1316 |
+ done |
1317 |
+ [ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present" |
1318 |
+ |
1319 |
+ # Now we must check for the major version of sys-libs/db linked against. |
1320 |
+ SLAPD_PATH=${EROOT}/usr/$(get_libdir)/openldap/slapd |
1321 |
+ if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then |
1322 |
+ OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \ |
1323 |
+ | awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')" |
1324 |
+ if use berkdb; then |
1325 |
+ # find which one would be used |
1326 |
+ for bdb_slot in $BDB_SLOTS ; do |
1327 |
+ NEWVER="$(db_findver "=sys-libs/db-${bdb_slot}*")" |
1328 |
+ [[ -n "$NEWVER" ]] && break |
1329 |
+ done |
1330 |
+ fi |
1331 |
+ local fail=0 |
1332 |
+ if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then |
1333 |
+ : |
1334 |
+ # Nothing wrong here. |
1335 |
+ elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then |
1336 |
+ eerror " Your existing version of OpenLDAP was not built against" |
1337 |
+ eerror " any version of sys-libs/db, but the new one will build" |
1338 |
+ eerror " against ${NEWVER} and your database may be inaccessible." |
1339 |
+ echo |
1340 |
+ fail=1 |
1341 |
+ elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then |
1342 |
+ eerror " Your existing version of OpenLDAP was built against" |
1343 |
+ eerror " sys-libs/db:${OLDVER}, but the new one will not be" |
1344 |
+ eerror " built against any version and your database may be" |
1345 |
+ eerror " inaccessible." |
1346 |
+ echo |
1347 |
+ fail=1 |
1348 |
+ elif [ "${OLDVER}" != "${NEWVER}" ]; then |
1349 |
+ eerror " Your existing version of OpenLDAP was built against" |
1350 |
+ eerror " sys-libs/db:${OLDVER}, but the new one will build against" |
1351 |
+ eerror " ${NEWVER} and your database would be inaccessible." |
1352 |
+ echo |
1353 |
+ fail=1 |
1354 |
+ fi |
1355 |
+ [ "${fail}" == "1" ] && openldap_upgrade_howto |
1356 |
+ fi |
1357 |
+ |
1358 |
+ echo |
1359 |
+ einfo |
1360 |
+ einfo "All datadirs are fine, proceeding with merge now..." |
1361 |
+ einfo |
1362 |
+} |
1363 |
+ |
1364 |
+openldap_upgrade_howto() { |
1365 |
+ eerror |
1366 |
+ eerror "A (possible old) installation of OpenLDAP was detected," |
1367 |
+ eerror "installation will not proceed for now." |
1368 |
+ eerror |
1369 |
+ eerror "As major version upgrades can corrupt your database," |
1370 |
+ eerror "you need to dump your database and re-create it afterwards." |
1371 |
+ eerror |
1372 |
+ eerror "Additionally, rebuilding against different major versions of the" |
1373 |
+ eerror "sys-libs/db libraries will cause your database to be inaccessible." |
1374 |
+ eerror "" |
1375 |
+ d="$(date -u +%s)" |
1376 |
+ l="/root/ldapdump.${d}" |
1377 |
+ i="${l}.raw" |
1378 |
+ eerror " 1. /etc/init.d/slapd stop" |
1379 |
+ eerror " 2. slapcat -l ${i}" |
1380 |
+ eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}" |
1381 |
+ eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/" |
1382 |
+ eerror " 5. emerge --update \=net-nds/${PF}" |
1383 |
+ eerror " 6. etc-update, and ensure that you apply the changes" |
1384 |
+ eerror " 7. slapadd -l ${l}" |
1385 |
+ eerror " 8. chown ldap:ldap /var/lib/openldap-data/*" |
1386 |
+ eerror " 9. /etc/init.d/slapd start" |
1387 |
+ eerror "10. check that your data is intact." |
1388 |
+ eerror "11. set up the new replication system." |
1389 |
+ eerror |
1390 |
+ if [ "${FORCE_UPGRADE}" != "1" ]; then |
1391 |
+ die "You need to upgrade your database first" |
1392 |
+ else |
1393 |
+ eerror "You have the magical FORCE_UPGRADE=1 in place." |
1394 |
+ eerror "Don't say you weren't warned about data loss." |
1395 |
+ fi |
1396 |
+} |
1397 |
+ |
1398 |
+pkg_setup() { |
1399 |
+ if ! use sasl && use cxx ; then |
1400 |
+ die "To build the ldapc++ library you must emerge openldap with sasl support" |
1401 |
+ fi |
1402 |
+ # Bug #322787 |
1403 |
+ if use minimal && ! has_version "net-nds/openldap" ; then |
1404 |
+ einfo "No datadir scan needed, openldap not installed" |
1405 |
+ elif use minimal && has_version 'net-nds/openldap[minimal]' ; then |
1406 |
+ einfo "Skipping scan for previous datadirs as requested by minimal useflag" |
1407 |
+ else |
1408 |
+ openldap_find_versiontags |
1409 |
+ fi |
1410 |
+ |
1411 |
+ # The user/group are only used for running daemons which are |
1412 |
+ # disabled in minimal builds, so elide the accounts too. |
1413 |
+ if ! use minimal ; then |
1414 |
+ enewgroup ldap 439 |
1415 |
+ enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap |
1416 |
+ fi |
1417 |
+} |
1418 |
+ |
1419 |
+src_prepare() { |
1420 |
+ # ensure correct SLAPI path by default |
1421 |
+ sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "'"${EPREFIX}"'/var/run/openldap/slapd.sock",' \ |
1422 |
+ "${S}"/include/ldap_defaults.h |
1423 |
+ |
1424 |
+ epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch |
1425 |
+ |
1426 |
+ epatch \ |
1427 |
+ "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \ |
1428 |
+ "${FILESDIR}"/${PN}-2.4.15-ppolicy.patch |
1429 |
+ |
1430 |
+ # bug #116045 - still present in 2.4.28 |
1431 |
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-smbk5pwd.patch |
1432 |
+ # bug #408077 - samba4 |
1433 |
+ epatch "${FILESDIR}"/${PN}-2.4.35-contrib-samba4.patch |
1434 |
+ |
1435 |
+ # bug #189817 |
1436 |
+ epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch |
1437 |
+ |
1438 |
+ # bug #233633 |
1439 |
+ epatch "${FILESDIR}"/${PN}-2.4.45-fix-lmpasswd-gnutls-symbols.patch |
1440 |
+ |
1441 |
+ # bug #281495 |
1442 |
+ epatch "${FILESDIR}"/${PN}-2.4.28-gnutls-gcrypt.patch |
1443 |
+ |
1444 |
+ # bug #294350 |
1445 |
+ epatch "${FILESDIR}"/${PN}-2.4.6-evolution-ntlm.patch |
1446 |
+ |
1447 |
+ # unbreak /bin/sh -> dash |
1448 |
+ epatch "${FILESDIR}"/${PN}-2.4.28-fix-dash.patch |
1449 |
+ |
1450 |
+ # bug #420959 |
1451 |
+ epatch "${FILESDIR}"/${PN}-2.4.31-gcc47.patch |
1452 |
+ |
1453 |
+ # bug #622464 |
1454 |
+ epatch "${FILESDIR}"/${PN}-2.4.45-libressl.patch |
1455 |
+ |
1456 |
+ # unbundle lmdb |
1457 |
+ epatch "${FILESDIR}"/${PN}-2.4.42-mdb-unbundle.patch |
1458 |
+ rm -rf "${S}"/libraries/liblmdb |
1459 |
+ |
1460 |
+ epatch_user |
1461 |
+ |
1462 |
+ cd "${S}"/build || die |
1463 |
+ einfo "Making sure upstream build strip does not do stripping too early" |
1464 |
+ sed -i.orig \ |
1465 |
+ -e '/^STRIP/s,-s,,g' \ |
1466 |
+ top.mk || die "Failed to block stripping" |
1467 |
+ |
1468 |
+ # wrong assumption that /bin/sh is /bin/bash |
1469 |
+ sed -i \ |
1470 |
+ -e 's|/bin/sh|/bin/bash|g' \ |
1471 |
+ "${S}"/tests/scripts/* || die "sed failed" |
1472 |
+ |
1473 |
+ sed -i \ |
1474 |
+ -e 's/^\twindres/\t$(RC)/' \ |
1475 |
+ "${S}"/libraries/liblutil/Makefile.in || die |
1476 |
+ |
1477 |
+ cd "${S}" || die |
1478 |
+ |
1479 |
+ AT_NOEAUTOMAKE=yes eautoreconf |
1480 |
+} |
1481 |
+ |
1482 |
+build_contrib_module() { |
1483 |
+ # <dir> <sources> <outputname> |
1484 |
+ cd "${S}/contrib/slapd-modules/$1" || die |
1485 |
+ einfo "Compiling contrib-module: $3" |
1486 |
+ # Make sure it's uppercase |
1487 |
+ local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')" |
1488 |
+ "${lt}" --mode=compile --tag=CC \ |
1489 |
+ "${CC}" \ |
1490 |
+ -D${define_name}=SLAPD_MOD_DYNAMIC \ |
1491 |
+ -I"${BUILD_DIR}"/include \ |
1492 |
+ -I../../../include -I../../../servers/slapd ${CFLAGS} \ |
1493 |
+ -o ${2%.c}.lo -c $2 || die "compiling $3 failed" |
1494 |
+ einfo "Linking contrib-module: $3" |
1495 |
+ "${lt}" --mode=link --tag=CC \ |
1496 |
+ "${CC}" -module \ |
1497 |
+ ${CFLAGS} \ |
1498 |
+ ${LDFLAGS} \ |
1499 |
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1500 |
+ -o $3.la ${2%.c}.lo || die "linking $3 failed" |
1501 |
+} |
1502 |
+ |
1503 |
+src_configure() { |
1504 |
+ # Bug 408001 |
1505 |
+ use elibc_FreeBSD && append-cppflags -DMDB_DSYNC=O_SYNC -DMDB_FDATASYNC=fsync |
1506 |
+ |
1507 |
+ # connectionless ldap per bug #342439 |
1508 |
+ append-cppflags -DLDAP_CONNECTIONLESS |
1509 |
+ |
1510 |
+ multilib-minimal_src_configure |
1511 |
+} |
1512 |
+ |
1513 |
+multilib_src_configure() { |
1514 |
+ local myconf=() |
1515 |
+ |
1516 |
+ use debug && myconf+=( $(use_enable debug) ) |
1517 |
+ |
1518 |
+ # ICU exists only in the configure, nowhere in the codebase, bug #510858 |
1519 |
+ export ac_cv_header_unicode_utypes_h=no ol_cv_lib_icu=no |
1520 |
+ |
1521 |
+ if ! use minimal && multilib_is_native_abi; then |
1522 |
+ local CPPFLAGS=${CPPFLAGS} |
1523 |
+ |
1524 |
+ # re-enable serverside overlay chains per bug #296567 |
1525 |
+ # see ldap docs chaper 12.3.1 for details |
1526 |
+ myconf+=( --enable-ldap ) |
1527 |
+ |
1528 |
+ # backends |
1529 |
+ myconf+=( --enable-slapd ) |
1530 |
+ if use berkdb ; then |
1531 |
+ einfo "Using Berkeley DB for local backend" |
1532 |
+ myconf+=( --enable-bdb --enable-hdb ) |
1533 |
+ DBINCLUDE=$(db_includedir $BDB_SLOTS) |
1534 |
+ einfo "Using $DBINCLUDE for sys-libs/db version" |
1535 |
+ # We need to include the slotted db.h dir for FreeBSD |
1536 |
+ append-cppflags -I${DBINCLUDE} |
1537 |
+ else |
1538 |
+ myconf+=( --disable-bdb --disable-hdb ) |
1539 |
+ fi |
1540 |
+ for backend in dnssrv ldap mdb meta monitor null passwd relay shell sock; do |
1541 |
+ myconf+=( --enable-${backend}=mod ) |
1542 |
+ done |
1543 |
+ |
1544 |
+ myconf+=( $(use_enable perl perl mod) ) |
1545 |
+ |
1546 |
+ myconf+=( $(use_enable odbc sql mod) ) |
1547 |
+ if use odbc ; then |
1548 |
+ local odbc_lib="unixodbc" |
1549 |
+ if use iodbc ; then |
1550 |
+ odbc_lib="iodbc" |
1551 |
+ append-cppflags -I"${EPREFIX}"/usr/include/iodbc |
1552 |
+ fi |
1553 |
+ myconf+=( --with-odbc=${odbc_lib} ) |
1554 |
+ fi |
1555 |
+ |
1556 |
+ # slapd options |
1557 |
+ myconf+=( |
1558 |
+ $(use_enable crypt) |
1559 |
+ $(use_enable slp) |
1560 |
+ $(use_enable samba lmpasswd) |
1561 |
+ $(use_enable syslog) |
1562 |
+ ) |
1563 |
+ if use experimental ; then |
1564 |
+ myconf+=( |
1565 |
+ --enable-dynacl |
1566 |
+ --enable-aci=mod |
1567 |
+ ) |
1568 |
+ fi |
1569 |
+ for option in aci cleartext modules rewrite rlookups slapi; do |
1570 |
+ myconf+=( --enable-${option} ) |
1571 |
+ done |
1572 |
+ |
1573 |
+ # slapd overlay options |
1574 |
+ # Compile-in the syncprov, the others as module |
1575 |
+ myconf+=( --enable-syncprov=yes ) |
1576 |
+ use overlays && myconf+=( --enable-overlays=mod ) |
1577 |
+ |
1578 |
+ else |
1579 |
+ myconf+=( |
1580 |
+ --disable-backends |
1581 |
+ --disable-slapd |
1582 |
+ --disable-bdb |
1583 |
+ --disable-hdb |
1584 |
+ --disable-mdb |
1585 |
+ --disable-overlays |
1586 |
+ --disable-syslog |
1587 |
+ ) |
1588 |
+ fi |
1589 |
+ |
1590 |
+ # basic functionality stuff |
1591 |
+ myconf+=( |
1592 |
+ $(use_enable ipv6) |
1593 |
+ $(multilib_native_use_with sasl cyrus-sasl) |
1594 |
+ $(multilib_native_use_enable sasl spasswd) |
1595 |
+ $(use_enable tcpd wrappers) |
1596 |
+ # kernel_Winnt: Cygwin provides AF_LOCAL, Winnt&Mingw do not |
1597 |
+ --enable-local=$(usex kernel_Winnt auto yes) |
1598 |
+ ) |
1599 |
+ |
1600 |
+ # Some cross-compiling tests don't pan out well. |
1601 |
+ tc-is-cross-compiler && myconf+=( |
1602 |
+ --with-yielding-select=yes |
1603 |
+ ) |
1604 |
+ |
1605 |
+ local ssl_lib="no" |
1606 |
+ if use ssl || ( ! use minimal && use samba ) ; then |
1607 |
+ ssl_lib="openssl" |
1608 |
+ use gnutls && ssl_lib="gnutls" |
1609 |
+ fi |
1610 |
+ |
1611 |
+ myconf+=( --with-tls=${ssl_lib} ) |
1612 |
+ |
1613 |
+ for basicflag in dynamic proctitle shared; do |
1614 |
+ myconf+=( --enable-${basicflag} ) |
1615 |
+ done |
1616 |
+ |
1617 |
+ tc-export AR CC CXX RC |
1618 |
+ ECONF_SOURCE=${S} \ |
1619 |
+ STRIP=/bin/true \ |
1620 |
+ econf \ |
1621 |
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/openldap \ |
1622 |
+ $(use_enable static-libs static) \ |
1623 |
+ "${myconf[@]}" |
1624 |
+ emake depend |
1625 |
+} |
1626 |
+ |
1627 |
+src_configure_cxx() { |
1628 |
+ # This needs the libraries built by the first build run. |
1629 |
+ # So we have to run it AFTER the main build, not just after the main |
1630 |
+ # configure. |
1631 |
+ local myconf_ldapcpp=( |
1632 |
+ --with-ldap-includes="${S}"/include |
1633 |
+ ) |
1634 |
+ |
1635 |
+ mkdir -p "${BUILD_DIR}"/contrib/ldapc++ || die |
1636 |
+ cd "${BUILD_DIR}/contrib/ldapc++" || die |
1637 |
+ |
1638 |
+ local LDFLAGS=${LDFLAGS} CPPFLAGS=${CPPFLAGS} |
1639 |
+ append-ldflags -L"${BUILD_DIR}"/libraries/liblber/.libs \ |
1640 |
+ -L"${BUILD_DIR}"/libraries/libldap/.libs |
1641 |
+ append-cppflags -I"${BUILD_DIR}"/include |
1642 |
+ ECONF_SOURCE=${S}/contrib/ldapc++ \ |
1643 |
+ econf "${myconf_ldapcpp[@]}" \ |
1644 |
+ CC="${CC}" \ |
1645 |
+ CXX="${CXX}" |
1646 |
+} |
1647 |
+ |
1648 |
+multilib_src_compile() { |
1649 |
+ tc-export AR CC CXX RC |
1650 |
+ emake CC="${CC}" AR="${AR}" SHELL="${BASH}" |
1651 |
+ local lt="${BUILD_DIR}/libtool" |
1652 |
+ export echo="echo" |
1653 |
+ |
1654 |
+ if ! use minimal && multilib_is_native_abi ; then |
1655 |
+ if use cxx ; then |
1656 |
+ einfo "Building contrib library: ldapc++" |
1657 |
+ src_configure_cxx |
1658 |
+ cd "${BUILD_DIR}/contrib/ldapc++" || die |
1659 |
+ emake \ |
1660 |
+ CC="${CC}" CXX="${CXX}" |
1661 |
+ fi |
1662 |
+ |
1663 |
+ if use smbkrb5passwd ; then |
1664 |
+ einfo "Building contrib-module: smbk5pwd" |
1665 |
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die |
1666 |
+ |
1667 |
+ MY_DEFS="-DDO_SHADOW" |
1668 |
+ if use samba ; then |
1669 |
+ MY_DEFS="${MY_DEFS} -DDO_SAMBA" |
1670 |
+ MY_KRB5_INC="" |
1671 |
+ fi |
1672 |
+ if use kerberos ; then |
1673 |
+ MY_DEFS="${MY_DEFS} -DDO_KRB5" |
1674 |
+ MY_KRB5_INC="$(krb5-config --cflags)" |
1675 |
+ fi |
1676 |
+ |
1677 |
+ emake \ |
1678 |
+ DEFS="${MY_DEFS}" \ |
1679 |
+ KRB5_INC="${MY_KRB5_INC}" \ |
1680 |
+ LDAP_BUILD="${BUILD_DIR}" \ |
1681 |
+ CC="${CC}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" |
1682 |
+ fi |
1683 |
+ |
1684 |
+ if use overlays ; then |
1685 |
+ einfo "Building contrib-module: samba4" |
1686 |
+ cd "${S}/contrib/slapd-modules/samba4" || die |
1687 |
+ |
1688 |
+ emake \ |
1689 |
+ LDAP_BUILD="${BUILD_DIR}" \ |
1690 |
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" |
1691 |
+ fi |
1692 |
+ |
1693 |
+ if use kerberos ; then |
1694 |
+ if use kinit ; then |
1695 |
+ build_contrib_module "kinit" "kinit.c" "kinit" |
1696 |
+ fi |
1697 |
+ cd "${S}/contrib/slapd-modules/passwd" || die |
1698 |
+ einfo "Compiling contrib-module: pw-kerberos" |
1699 |
+ "${lt}" --mode=compile --tag=CC \ |
1700 |
+ "${CC}" \ |
1701 |
+ -I"${BUILD_DIR}"/include \ |
1702 |
+ -I../../../include \ |
1703 |
+ ${CFLAGS} \ |
1704 |
+ $(krb5-config --cflags) \ |
1705 |
+ -DHAVE_KRB5 \ |
1706 |
+ -o kerberos.lo \ |
1707 |
+ -c kerberos.c || die "compiling pw-kerberos failed" |
1708 |
+ einfo "Linking contrib-module: pw-kerberos" |
1709 |
+ "${lt}" --mode=link --tag=CC \ |
1710 |
+ "${CC}" -module \ |
1711 |
+ ${CFLAGS} \ |
1712 |
+ ${LDFLAGS} \ |
1713 |
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1714 |
+ -o pw-kerberos.la \ |
1715 |
+ kerberos.lo || die "linking pw-kerberos failed" |
1716 |
+ fi |
1717 |
+ |
1718 |
+ if use pbkdf2; then |
1719 |
+ cd "${S}/contrib/slapd-modules/passwd/pbkdf2" || die |
1720 |
+ einfo "Compiling contrib-module: pw-pbkdf2" |
1721 |
+ "${lt}" --mode=compile --tag=CC \ |
1722 |
+ "${CC}" \ |
1723 |
+ -I"${BUILD_DIR}"/include \ |
1724 |
+ -I../../../../include \ |
1725 |
+ ${CFLAGS} \ |
1726 |
+ -o pbkdf2.lo \ |
1727 |
+ -c pw-pbkdf2.c || die "compiling pw-pbkdf2 failed" |
1728 |
+ einfo "Linking contrib-module: pw-pbkdf2" |
1729 |
+ "${lt}" --mode=link --tag=CC \ |
1730 |
+ "${CC}" -module \ |
1731 |
+ ${CFLAGS} \ |
1732 |
+ ${LDFLAGS} \ |
1733 |
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1734 |
+ -o pw-pbkdf2.la \ |
1735 |
+ pbkdf2.lo || die "linking pw-pbkdf2 failed" |
1736 |
+ fi |
1737 |
+ |
1738 |
+ if use sha2 ; then |
1739 |
+ cd "${S}/contrib/slapd-modules/passwd/sha2" || die |
1740 |
+ einfo "Compiling contrib-module: pw-sha2" |
1741 |
+ "${lt}" --mode=compile --tag=CC \ |
1742 |
+ "${CC}" \ |
1743 |
+ -I"${BUILD_DIR}"/include \ |
1744 |
+ -I../../../../include \ |
1745 |
+ ${CFLAGS} \ |
1746 |
+ -o sha2.lo \ |
1747 |
+ -c sha2.c || die "compiling pw-sha2 failed" |
1748 |
+ "${lt}" --mode=compile --tag=CC \ |
1749 |
+ "${CC}" \ |
1750 |
+ -I"${BUILD_DIR}"/include \ |
1751 |
+ -I../../../../include \ |
1752 |
+ ${CFLAGS} \ |
1753 |
+ -o slapd-sha2.lo \ |
1754 |
+ -c slapd-sha2.c || die "compiling pw-sha2 failed" |
1755 |
+ einfo "Linking contrib-module: pw-sha2" |
1756 |
+ "${lt}" --mode=link --tag=CC \ |
1757 |
+ "${CC}" -module \ |
1758 |
+ ${CFLAGS} \ |
1759 |
+ ${LDFLAGS} \ |
1760 |
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1761 |
+ -o pw-sha2.la \ |
1762 |
+ sha2.lo slapd-sha2.lo || die "linking pw-sha2 failed" |
1763 |
+ fi |
1764 |
+ |
1765 |
+ # We could build pw-radius if GNURadius would install radlib.h |
1766 |
+ cd "${S}/contrib/slapd-modules/passwd" || die |
1767 |
+ einfo "Compiling contrib-module: pw-netscape" |
1768 |
+ "${lt}" --mode=compile --tag=CC \ |
1769 |
+ "${CC}" \ |
1770 |
+ -I"${BUILD_DIR}"/include \ |
1771 |
+ -I../../../include \ |
1772 |
+ ${CFLAGS} \ |
1773 |
+ -o netscape.lo \ |
1774 |
+ -c netscape.c || die "compiling pw-netscape failed" |
1775 |
+ einfo "Linking contrib-module: pw-netscape" |
1776 |
+ "${lt}" --mode=link --tag=CC \ |
1777 |
+ "${CC}" -module \ |
1778 |
+ ${CFLAGS} \ |
1779 |
+ ${LDFLAGS} \ |
1780 |
+ -rpath "${EPREFIX}"/usr/$(get_libdir)/openldap/openldap \ |
1781 |
+ -o pw-netscape.la \ |
1782 |
+ netscape.lo || die "linking pw-netscape failed" |
1783 |
+ |
1784 |
+ #build_contrib_module "acl" "posixgroup.c" "posixGroup" # example code only |
1785 |
+ #build_contrib_module "acl" "gssacl.c" "gss" # example code only, also needs kerberos |
1786 |
+ build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay" |
1787 |
+ build_contrib_module "allop" "allop.c" "overlay-allop" |
1788 |
+ build_contrib_module "allowed" "allowed.c" "allowed" |
1789 |
+ build_contrib_module "autogroup" "autogroup.c" "autogroup" |
1790 |
+ build_contrib_module "cloak" "cloak.c" "cloak" |
1791 |
+ # build_contrib_module "comp_match" "comp_match.c" "comp_match" # really complex, adds new external deps, questionable demand |
1792 |
+ build_contrib_module "denyop" "denyop.c" "denyop-overlay" |
1793 |
+ build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin" |
1794 |
+ build_contrib_module "dupent" "dupent.c" "dupent" |
1795 |
+ build_contrib_module "lastbind" "lastbind.c" "lastbind" |
1796 |
+ # lastmod may not play well with other overlays |
1797 |
+ build_contrib_module "lastmod" "lastmod.c" "lastmod" |
1798 |
+ build_contrib_module "noopsrch" "noopsrch.c" "noopsrch" |
1799 |
+ build_contrib_module "nops" "nops.c" "nops-overlay" |
1800 |
+ #build_contrib_module "nssov" "nssov.c" "nssov-overlay" RESO:LATER |
1801 |
+ build_contrib_module "trace" "trace.c" "trace" |
1802 |
+ # build slapi-plugins |
1803 |
+ cd "${S}/contrib/slapi-plugins/addrdnvalues" || die |
1804 |
+ einfo "Building contrib-module: addrdnvalues plugin" |
1805 |
+ "${CC}" -shared \ |
1806 |
+ -I"${BUILD_DIR}"/include \ |
1807 |
+ -I../../../include \ |
1808 |
+ ${CFLAGS} \ |
1809 |
+ -fPIC \ |
1810 |
+ ${LDFLAGS} \ |
1811 |
+ -o libaddrdnvalues-plugin.so \ |
1812 |
+ addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed" |
1813 |
+ |
1814 |
+ fi |
1815 |
+} |
1816 |
+ |
1817 |
+multilib_src_test() { |
1818 |
+ if multilib_is_native_abi; then |
1819 |
+ cd tests || die |
1820 |
+ emake tests || die "make tests failed" |
1821 |
+ fi |
1822 |
+} |
1823 |
+ |
1824 |
+multilib_src_install() { |
1825 |
+ local lt="${BUILD_DIR}/libtool" |
1826 |
+ emake DESTDIR="${D}" SHELL="${BASH}" install |
1827 |
+ |
1828 |
+ if ! use minimal && multilib_is_native_abi; then |
1829 |
+ # openldap modules go here |
1830 |
+ # TODO: write some code to populate slapd.conf with moduleload statements |
1831 |
+ keepdir /usr/$(get_libdir)/openldap/openldap/ |
1832 |
+ |
1833 |
+ # initial data storage dir |
1834 |
+ keepdir /var/lib/openldap-data |
1835 |
+ use prefix || fowners ldap:ldap /var/lib/openldap-data |
1836 |
+ fperms 0700 /var/lib/openldap-data |
1837 |
+ |
1838 |
+ echo "OLDPF='${PF}'" > "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
1839 |
+ echo "# do NOT delete this. it is used" >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
1840 |
+ echo "# to track versions for upgrading." >> "${ED}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}" |
1841 |
+ |
1842 |
+ # use our config |
1843 |
+ rm "${ED}"etc/openldap/slapd.conf |
1844 |
+ insinto /etc/openldap |
1845 |
+ newins "${FILESDIR}"/${PN}-2.4.40-slapd-conf slapd.conf |
1846 |
+ configfile="${ED}"etc/openldap/slapd.conf |
1847 |
+ |
1848 |
+ # populate with built backends |
1849 |
+ ebegin "populate config with built backends" |
1850 |
+ for x in "${ED}"usr/$(get_libdir)/openldap/openldap/back_*.so; do |
1851 |
+ einfo "Adding $(basename ${x})" |
1852 |
+ sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}" |
1853 |
+ done |
1854 |
+ sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t${EPREFIX}/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}" |
1855 |
+ use prefix || fowners root:ldap /etc/openldap/slapd.conf |
1856 |
+ fperms 0640 /etc/openldap/slapd.conf |
1857 |
+ cp "${configfile}" "${configfile}".default |
1858 |
+ eend |
1859 |
+ |
1860 |
+ # install our own init scripts and systemd unit files |
1861 |
+ einfo "Install init scripts" |
1862 |
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd-initd-2.4.40-r2 > "${T}"/slapd || die |
1863 |
+ doinitd "${T}"/slapd |
1864 |
+ newconfd "${FILESDIR}"/slapd-confd-2.4.28-r1 slapd |
1865 |
+ |
1866 |
+ einfo "Install systemd service" |
1867 |
+ sed -e "s,/usr/lib/,/usr/$(get_libdir)/," "${FILESDIR}"/slapd.service > "${T}"/slapd.service || die |
1868 |
+ systemd_dounit "${T}"/slapd.service |
1869 |
+ systemd_install_serviced "${FILESDIR}"/slapd.service.conf |
1870 |
+ systemd_newtmpfilesd "${FILESDIR}"/slapd.tmpfilesd slapd.conf |
1871 |
+ |
1872 |
+ # If built without SLP, we don't need to be before avahi |
1873 |
+ use slp \ |
1874 |
+ || sed -i \ |
1875 |
+ -e '/before/{s/avahi-daemon//g}' \ |
1876 |
+ "${ED}"etc/init.d/slapd |
1877 |
+ |
1878 |
+ if use cxx ; then |
1879 |
+ einfo "Install the ldapc++ library" |
1880 |
+ cd "${BUILD_DIR}/contrib/ldapc++" || die |
1881 |
+ emake DESTDIR="${D}" libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install |
1882 |
+ cd "${S}"/contrib/ldapc++ || die |
1883 |
+ newdoc README ldapc++-README |
1884 |
+ fi |
1885 |
+ |
1886 |
+ if use smbkrb5passwd ; then |
1887 |
+ einfo "Install the smbk5pwd module" |
1888 |
+ cd "${S}/contrib/slapd-modules/smbk5pwd" || die |
1889 |
+ emake DESTDIR="${D}" \ |
1890 |
+ LDAP_BUILD="${BUILD_DIR}" \ |
1891 |
+ libexecdir="${EPREFIX}/usr/$(get_libdir)/openldap" install |
1892 |
+ newdoc README smbk5pwd-README |
1893 |
+ fi |
1894 |
+ |
1895 |
+ if use overlays ; then |
1896 |
+ einfo "Install the samba4 module" |
1897 |
+ cd "${S}/contrib/slapd-modules/samba4" || die |
1898 |
+ emake DESTDIR="${D}" \ |
1899 |
+ LDAP_BUILD="${BUILD_DIR}" \ |
1900 |
+ libexecdir="/usr/$(get_libdir)/openldap" install |
1901 |
+ newdoc README samba4-README |
1902 |
+ fi |
1903 |
+ |
1904 |
+ einfo "Installing contrib modules" |
1905 |
+ cd "${S}/contrib/slapd-modules" || die |
1906 |
+ for l in */*.la */*/*.la; do |
1907 |
+ [[ -e ${l} ]] || continue |
1908 |
+ "${lt}" --mode=install cp ${l} \ |
1909 |
+ "${ED}"usr/$(get_libdir)/openldap/openldap || \ |
1910 |
+ die "installing ${l} failed" |
1911 |
+ done |
1912 |
+ |
1913 |
+ dodoc "${FILESDIR}"/DB_CONFIG.fast.example |
1914 |
+ docinto contrib |
1915 |
+ doman */*.5 |
1916 |
+ #newdoc acl/README* |
1917 |
+ newdoc addpartial/README addpartial-README |
1918 |
+ newdoc allop/README allop-README |
1919 |
+ newdoc allowed/README allowed-README |
1920 |
+ newdoc autogroup/README autogroup-README |
1921 |
+ newdoc dsaschema/README dsaschema-README |
1922 |
+ newdoc passwd/README passwd-README |
1923 |
+ cd "${S}/contrib/slapi-plugins" || die |
1924 |
+ insinto /usr/$(get_libdir)/openldap/openldap |
1925 |
+ doins */*.so |
1926 |
+ docinto contrib |
1927 |
+ newdoc addrdnvalues/README addrdnvalues-README |
1928 |
+ |
1929 |
+ insinto /etc/openldap/schema |
1930 |
+ newins "${DISTDIR}"/${BIS_P} ${BIS_PN} |
1931 |
+ |
1932 |
+ docinto back-sock ; dodoc "${S}"/servers/slapd/back-sock/searchexample* |
1933 |
+ docinto back-shell ; dodoc "${S}"/servers/slapd/back-shell/searchexample* |
1934 |
+ docinto back-perl ; dodoc "${S}"/servers/slapd/back-perl/SampleLDAP.pm |
1935 |
+ |
1936 |
+ dosbin "${S}"/contrib/slapd-tools/statslog |
1937 |
+ newdoc "${S}"/contrib/slapd-tools/README README.statslog |
1938 |
+ fi |
1939 |
+ |
1940 |
+ use static-libs || prune_libtool_files --all |
1941 |
+} |
1942 |
+ |
1943 |
+multilib_src_install_all() { |
1944 |
+ dodoc ANNOUNCEMENT CHANGES COPYRIGHT README |
1945 |
+ docinto rfc ; dodoc doc/rfc/*.txt |
1946 |
+} |
1947 |
+ |
1948 |
+pkg_preinst() { |
1949 |
+ # keep old libs if any |
1950 |
+ preserve_old_lib /usr/$(get_libdir)/{liblber,libldap_r,liblber}-2.3$(get_libname 0) |
1951 |
+ # bug 440470, only display the getting started help there was no openldap before, |
1952 |
+ # or we are going to a non-minimal build |
1953 |
+ ! has_version net-nds/openldap || has_version 'net-nds/openldap[minimal]' |
1954 |
+ OPENLDAP_PRINT_MESSAGES=$((! $?)) |
1955 |
+} |
1956 |
+ |
1957 |
+pkg_postinst() { |
1958 |
+ if ! use minimal ; then |
1959 |
+ # You cannot build SSL certificates during src_install that will make |
1960 |
+ # binary packages containing your SSL key, which is both a security risk |
1961 |
+ # and a misconfiguration if multiple machines use the same key and cert. |
1962 |
+ if use ssl; then |
1963 |
+ install_cert /etc/openldap/ssl/ldap |
1964 |
+ use prefix || chown ldap:ldap "${EROOT}"etc/openldap/ssl/ldap.* |
1965 |
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
1966 |
+ ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" |
1967 |
+ ewarn "add 'TLS_REQCERT allow' if you want to use them." |
1968 |
+ fi |
1969 |
+ |
1970 |
+ if use prefix; then |
1971 |
+ # Warn about prefix issues with slapd |
1972 |
+ eerror "slapd might NOT be usable on Prefix systems as it requires root privileges" |
1973 |
+ eerror "to start up, and requires that certain files directories be owned by" |
1974 |
+ eerror "ldap:ldap. As Prefix does not support changing ownership of files and" |
1975 |
+ eerror "directories, you will have to manually fix this yourself." |
1976 |
+ fi |
1977 |
+ |
1978 |
+ # These lines force the permissions of various content to be correct |
1979 |
+ use prefix || chown ldap:ldap "${EROOT}"var/run/openldap |
1980 |
+ chmod 0755 "${EROOT}"var/run/openldap |
1981 |
+ use prefix || chown root:ldap "${EROOT}"etc/openldap/slapd.conf{,.default} |
1982 |
+ chmod 0640 "${EROOT}"etc/openldap/slapd.conf{,.default} |
1983 |
+ use prefix || chown ldap:ldap "${EROOT}"var/lib/openldap-data |
1984 |
+ fi |
1985 |
+ |
1986 |
+ if has_version 'net-nds/openldap[-minimal]' && ((${OPENLDAP_PRINT_MESSAGES})); then |
1987 |
+ elog "Getting started using OpenLDAP? There is some documentation available:" |
1988 |
+ elog "Gentoo Guide to OpenLDAP Authentication" |
1989 |
+ elog "(https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP)" |
1990 |
+ elog "---" |
1991 |
+ elog "An example file for tuning BDB backends with openldap is" |
1992 |
+ elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/" |
1993 |
+ fi |
1994 |
+ |
1995 |
+ preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3$(get_libname 0) |
1996 |
+} |